(Sorry if this isn't in the right SE / is not relevant for security.stackexchange - seemed like the best choice)

Is there a way for two anonymous parties to establish that they are not previously known to each other, before revealing their identities?

Suppose that Alice and Bob are able to communicate anonymously and wish to engage in some sort of embarrassing activity together at a later date. They do not mind revealing their identity if the other party is someone they do not know, but they do not want to reveal their desire to participate in this activity to someone they do know. They want a way to confirm that neither of them knows the other without having to reveal their identity in the process (but they will inevitably reveal their identity if they go ahead with whatever activity they're planning).

So far my only idea is to involve a trusted third party that receives a list of names from both parties (including their own names), and checks for matches. The third party only confirms the presence or absence of a match. It might be possible for each party to only submit a list of hashes instead of identifiable names to reduce the risk of the third party revealing identities, if certain naming and hashing standards could be agreed by Alice and Bob.

This way if there is a match, Alice and Bob only know that the other is someone from their list. This is not ideal, though, as either party could manipulate the process by providing limited or targeted names to enable them to guess the other's identity.

I'm not sure this can ever work, because people won't necessarily know if they have met each other before. Human fallibility. @RoryM's solution is about as good as you'll get - not known by that service / on that list.
– Rory Alsop♦Feb 6 '14 at 12:25

3 Answers
3

If you're assuming that either Alice or Bob could be malicious and would actively try to subvert the process (e.g. by lying about their identity or their list of "known identities") then it would seem likely that you would need a trusted third party involved.

I'd suggest that the way to go is to have the TTP involved from the start. So if we assume that at the start of using the service Alice and Bob have no-one in their lists then the TTP can intermediate each transaction and be the custodian of the lists of who knows who (either using direct identities or using some form of pseudoname)

A challenge is what's to stop Alice or Bob from submitting another identity and then starting from scratch so to speak. That would be harder to overcome without the TTP taking up some kind of relatively immutable identity check, to make it harder to have multiple accounts.

If I read your answer correctly, it seems like you interpret "not previously known to each other" to mean "not known via the service". What I meant was for Alice and Bob to be able to confirm they don't know each other in any capacity, especially in real life. I.e. is there a solution that can work for single-time / first-time users?
– user39583Feb 6 '14 at 11:48

To do that you'd need to have a way for the TTP to unamiguously identify people IRL, which would mean that Alice and Bob would need to trust the TTP a lot as it would be able to prove that they'd used the service. Now places like Banks do this already for their customers (e.g. for money laundering regulations) but it requires a lot of infrastructure and presence in the countries that it's used in. A middle option might be for the users to pass a credit check with the TTP as that kind of proves who they are but not as well as IRL checks.
– Rоry McCuneFeb 6 '14 at 12:45

Assuming you can't trust the other party, you need a third party to identify both people, but even then, it's going to be a less than accurate process. If one party is not behaving in good faith, then there will be no intersection on the other person's list other than their actual identity.

Since the average person knows at least several thousand people and is unlikely to be able to recall them all, the chances of someone slipping through the cracks of the well behaved participant are exceptionally high. I know I've probably met over ten thousand people I could recognize (at least visually) if I saw them. I don't even know many of their names, but I can visually identify them. Human memory simply isn't good or reliable enough to do this with an untrusted party.

Now, if both parties can be trusted, it becomes far easier to get an approximation by looking for intersections between the lists that people can think of. While I may not be likely to remember Bob in Accounting's name, I remember enough of my co-workers that if we know a bunch of the same people from work, there's a good chance we've met before. It still isn't a sure thing and it requires both parties to be trust worthy in the interaction though and there is no way to verify that short of extended background checks by a third party. (ie, contacting each person on their list, verifying the relationship and asking them for a list of people they know the person knows and continuing until you don't have lose ends; and even that isn't perfect if they have different subsets of people that don't know about each other.)

In one comment you said that you would like that your system be able to tell if two users know each other in real life, or something in that sense. And if I understood correctly, knowing each other would be a disaster, so the balance would pend to the "in the smallest possibility, consider that they know each other".

In that case, Alice merely sign in for your service and informing all the people she knows isn't enough, as Hubert (her husband) could just sign in using some other name, and you'd have a problem.

You would need that everyone sign in provides more information, to build up that relationship network. And you can't just trust in what each one says, as that could be fake (again, Hubert could provide any information he wants).

So you'd need to trust information provided by 3rd parties. There are sites that are made entirely based on building networks: Facebook, MySpace, Orkut, Google+, Gmail automatic contacts creation, Linkedin... You could try to rely on their information, the same way Lulu does, to infer who knows who.

And again you'll need to deal with fake information. Lulu kind of does that, checking some constraints to reduce the probability of a fake profile having success. That can be done verifying how old is the account, how many friends the person has, how many friends each friend has, and so on. A long way to go.

And you would mark as "they know each other" as you find convenient: they have studied in the same college, they like the same restaurant, they have friends in common (in 1st, or 2nd, degree, like Alice knows Bob who knows Peter who knows Hubert, Alice's husband).

You'd need a great processing power, a huge database, and basically you'd be replicating the information that Facebook, etc., have.

Besides that, it's impossible to know if two person know each other in real life, if they don't have any information provided in those social sites. So you would need to let them out of your system.